A single click mounted a covert, multistage attack against Copilot (arstechnica.com)

Microsoft has patched a critical vulnerability in its Copilot AI assistant after white-hat researchers from Varonis demonstrated a multistage attack that enabled the theft of sensitive user data with a single click. The exploit leveraged a malicious URL sent through email, allowing attackers to extract information such as users' names, locations, and specific interaction details from their Copilot chat histories. Alarmingly, the attack continued to execute in the background even if the user closed the Copilot chat, effectively bypassing various enterprise endpoint security measures. The attack worked by embedding a carefully constructed prompt in a URL, manipulating Copilot's ability to process user inputs. This technique allowed the malicious task to send personal data to a Varonis-controlled server without requiring further user interaction once the link was clicked. By using a complex pseudocode prompt, the researchers were able to extract a user secret and additional personal details covertly. This incident underscores the need for enhanced security measures within AI models and applications, particularly those that handle sensitive user data, as even a single click can lead to significant data breaches.